Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
    Ransomware Profile: Egregor
    https://blog.emsisoft.com/en/37810/ransomware-profile-egregor/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
    Ransomware Profile: NetWalker
    https://blog.emsisoft.com/en/37677/ransomware-profile-netwalker/
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,978
    The Week in Ransomware - March 5th 2021 - Targeting service providers
    March 5, 2021
    https://www.bleepingcomputer.com/ne...e-march-5th-2021-targeting-service-providers/
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,978
    The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers
    March 12, 2021
    https://www.bleepingcomputer.com/ne...-march-12th-2021-encrypting-exchange-servers/
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,978
    The Week in Ransomware - March 19th 2021 - Highest ransom ever!
    March 19, 2021
    https://www.bleepingcomputer.com/ne...nsomware-march-19th-2021-highest-ransom-ever/
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,292
    Location:
    U.S.A.
    This article is worth a "full read." If your PC suddenly reboots to Safe mode and you're presented with the Win logon screen (assuming you have that configured), immediately power down your PC.
     
    Last edited: Mar 21, 2021
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,159
    Location:
    Canada
    They say REvil is also known as Sodinokibi, which typically starts as a phishing email. If the recipient clicks on the link, it downloads the malicious-and-hard-for-antivirus-to-detect zip file, then the user needs to double-click the file to launch the attack. So assuming the user needs to screw up twice, which is not out of the realm of possibility, then some other protection in the form of system hardening such as HIPS, SRP, or maybe OSArmor, to name a few possibilities, could come to the rescue. The obfuscated JavaScript file is proof antivirus can't be depended on 100%.
     
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    16,566
    Location:
    UK
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,296
    Location:
    DC Metro Area
    "Ziggy Ransomware Gang Offers Refunds to Victims

    The Ziggy ransomware gang announced in early February they were getting out of the cybercrime business. Now they say they’re ready to refund their victims’ money.

    Anyone who paid a ransom to Ziggy just needs to shoot them an email with proof of payment calculated in Bitcoin and the computer ID. After that, the money will be returned to the Bitcoin wallet in about two weeks...

    Apparently, Ziggy was scared straight in early February after law-enforcement takedowns of fellow purveyors of malware like Emotet and the NetWalker ransomware; and added that they were feeling guilty..."

    https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,296
    Location:
    DC Metro Area
    "Hacked companies are paying off ransomware gangs, the criminals are reinvesting the profits in making bigger and bolder attacks, and there's no end in sight...

    Gangs, many located in Russia, and using their loot to invest in AI and other tools to be more effective...

    Whether the payments come via insurers or from the companies themselves, they are funding advancements for the gangs. 'They're investing in the development of automation tools' ... using machine learning to find and exploit holes in organizations' defenses. It used to take gangs weeks to seize organizations' data and demand a ransom, the analyst said. Now it can be done in hours..."

    https://www.businessinsider.com/ran...-coalition-deep-instinct-vicious-cycle-2021-4
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    16,566
    Location:
    UK
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
    Dutch supermarkets run out of cheese after ransomware attack
    https://www.bleepingcomputer.com/ne...ts-run-out-of-cheese-after-ransomware-attack/
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
    PSA: Severe bug in Babuk ransomware decryptor leads to data loss
    https://blog.emsisoft.com/en/38378/psa-severe-bug-in-babuk-ransomware-decryptor-leads-to-data-loss/
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,296
    Location:
    DC Metro Area
    "Ransomware Gang Strikes The NBA Houston Rockets

    Screenshots...indicate that the attackers claim to have stolen 500 gigabytes of data during the breach...

    The ransomware used in the attack, Babuk, is not considered to be especially sophisticated. It is, however, still quite dangerous. Babuk has been unleashed against a variety of targets in the healthcare sector, as well as manufacturers and logistics companies...

    Files stolen during the attack appear to include player contracts, non-disclosure agreements, personnel information and other financial data. In the ransom note left behind, the attackers note that the data 'could lead to legal problems and cause concern for customers' if published..."

    https://www.forbes.com/sites/leemat...-strikes-the-houston-rockets/?sh=3853fb6b74ba
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,978
    The Week in Ransomware - April 16th 2021 - The Houston Rockets
    April 16, 2021
    https://www.bleepingcomputer.com/ne...nsomware-april-16th-2021-the-houston-rockets/
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,978
    Ryuk ransomware operation updates hacking techniques
    April 17, 2021
    https://www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,978
    Discord Nitro gift codes now demanded as ransomware payments
    April 18, 2021
    https://www.bleepingcomputer.com/ne...ft-codes-now-demanded-as-ransomware-payments/
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    111,112
    Location:
    Texas
  23. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,296
    Location:
    DC Metro Area
    "Ransomware targeted by the new Department of Justice Task Force

    The Department of Justice has formed a task force to curb the proliferation of ransomware cyberattacks, targeting the entire digital ecosystem that supports popular blackmail schemes to make them less profitable...

    According to the Memorandum of Understanding, the Task Force will identify ransomware as a priority to increase training, allocate more resources to problems, improve intelligence sharing across departments, and 'connect criminals with the nation-state.'

    This memo covers the criminal ecosystem surrounding ransomware, including prosecution, interruption of ongoing attacks, and suppression of services that support attacks, such as online forums promoting ransomware sales and hosting services that promote ransomware campaigns...

    The Task Force consists of the Department of Justice’s Criminal, National Security, Civil Affairs, Federal Bureau of Investigation, and the US Public Prosecutor’s Office..."

    https://texasnewstoday.com/ransomware-targeted-by-the-new-department-of-justice-task-force/235303/
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,141
    Location:
    Slovenia
    Stanford student finds glitch in ransomware payment system to save victims $27,000
    https://www.cyberscoop.com/jack-cable-qlocker-ransomware-recovery/
     